Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: cosmic-greeter

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-25704

created 2 weeks, 5 days ago

Incomplete privilege drop for com.system76.CosmicGreeter.GetUserData

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25704

Affected products

cosmic-greeter

<https://github.com/pop-os/cosmic-greeter/pull/426

Matching in nixpkgs

pkgs.cosmic-greeter

Greeter for the COSMIC Desktop Environment

nixos-unstable 1.0.8
- nixpkgs-unstable 1.0.8
- nixos-unstable-small 1.0.8
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

Package maintainers

@nyabinary Niko Cantero <nyanbinary@keemail.me>
@thefossguy Pratham Patel <prathampatel@thefossguy.com>
@griffi-gh Luna Prasol <prasol258@gmail.com>
@ahoneybun Aaron Honeycutt <aaronhoneycutt@proton.me>
@Pandapip1 Gavin John <gavinnjohn@gmail.com>
@michaelBelsanti Mike Belsanti <mbels03@protonmail.com>
@drakon64 Evelyn Chance <nixpkgs@drakon.cloud>
@HeitorAugustoLN Heitor Augusto <nixpkgs.woven713@passmail.net>
@a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>
@alyssais Alyssa Ross <hi@alyssa.is>

1